Ex Parte Krywaniuk
Patent Trial and Appeal Board
Mar 22, 2018
13948341 (P.T.A.B. Mar. 22, 2018)

UNITED STATES PATENT AND TRADEMARK OFFICE

UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov

APPLICATION NO.: 13/948,341
FILING DATE: 07/23/2013
FIRST NAMED INVENTOR: Andrew Krywaniuk
ATTORNEY DOCKET NO.: FORT-006111
CONFIRMATION NO.: 1032

64128 7590 03/26/2018
MICHAEL A DESANCTIS
HAMILTON DESANCTIS & CHA LLP
12640 W. Cedar Drive, Suite 1
LAKEWOOD, CO 80228

EXAMINER: PATEL, ASHOKKUMAR B
ART UNIT: 2491
NOTIFICATION DATE: 03/26/2018
DELIVERY MODE: ELECTRONIC

Please find below and/or attached an Office communication concerning this application or proceeding.

The time period for reply, if any, is set in the attached communication.

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the following e-mail address(es): mdesanctis@hdciplaw.com

PTOL-90A (Rev. 04/07)

UNITED STATES PATENT AND TRADEMARK OFFICE

BEFORE THE PATENT TRIAL AND APPEAL BOARD

Ex parte ANDREW KRYWANIUK

Appeal 2017-005270
Application 13/948,341 ¹
Technology Center 2400

Before ERIC B. CHEN, MONICA S. ULLAGADDI, and SCOTT E. BAIN, Administrative Patent Judges.

BAIN, Administrative Patent Judge.

DECISION ON APPEAL

Appellant appeals under 35 U.S.C. § 134(a) from the Examiner's Final Rejection of claims 1-35, which constitute all claims pending in the application. We have jurisdiction under 35 U.S.C. § 6(b). We REVERSE.

¹ Appellant identifies the real party in interest as Fortinet, Inc. App. Br. 3.

STATEMENT OF THE CASE

Appellant's invention relates to "a service daemon process ... instantiated within a firewall to handle content processing of network traffic of virtual domains[.]" Spec., Abst.
Specifically, in the claimed invention, "[a] communication channel is established between a kernel of the firewall and the service daemon process to transfer a portion of the network traffic between the service daemon process and the kernel." Id. Claims 1, 9, 18, and 27 are independent. Claim 1 is illustrative of the invention and the subject matter of the appeal, and reads as follows:

    1. A method comprising:

    initiating a service daemon process within a firewall coupled to a plurality of virtual domains, wherein the service daemon process handles content processing of network traffic for all of the plurality of virtual domains by aggregating communication channels associated with the plurality of virtual domains and by applying to the network traffic an appropriate content processing policy corresponding to a virtual domain of the plurality of virtual domains with which the network traffic is associated;

    receiving, by the firewall, a first connection request involving a first virtual domain of the plurality of virtual domains;

    forking, by the service daemon process, a first child process for handling network traffic associated with the first virtual domain;

    establishing a first communication channel for the first virtual domain between a kernel of the firewall and the service daemon process to transfer at least a portion of the network traffic associated with the first virtual domain between the service daemon process and the kernel;

    configuring the first child process to perform content processing in accordance with a first content processing policy of the first virtual domain; and

    performing, by the first child process, content processing of the network traffic associated with the first virtual domain based on the first content processing policy.

App. Br. 25-26, 29 (Claims App.) (emphasis added).

Claims 1-35 stand rejected under 35 U.S.C. § 103 as unpatentable over Boebert et al. (US 2004/0230791 A1; Nov.
18, 2004) ("Boebert") and Watson et al. (US 7,441,017 B2; Oct. 21, 2008) ("Watson"). Final Act. (June 19, 2015) 4-29.

ANALYSIS

We have reviewed the Examiner's rejection in light of the arguments raised in the Appeal Brief, on the record before us. For the reasons set forth below, we do not sustain the Examiner's rejection.

Appellant argues the Examiner erred in rejecting independent claim 1 because, according to Appellant, the prior art does not teach or suggest the claimed transfer (via first communication channel) of network traffic between the firewall kernel and service daemon process. See App. Br. 18; see also App. Br. 25 (Claims App.). Specifically, Appellant argues the Examiner erred because:

    In the context of independent claim 1, it is clear that the service daemon process and the kernel are distinct---especially in view of the fact that the claim language requires a communication channel to be established between the two (i.e., 'establishing a first communication channel ... between a kernel of the firewall and the service daemon process'). In contrast, the Examiner's rejection treats the service daemon process and the kernel as one in the same[.]

Id.

We are persuaded the Examiner erred. As Appellant contends, the Examiner finds Boebert's "security policy enforcement code within the operational kernel" teaches the "daemon" recited in claim 1. See Final Act. 2, 5; Ans. 30; see also Boebert ¶ 52 ("the operational kernel includes [the] security policy program code"). For instance, the Answer states Boebert "discloses a service daemon process as the security policy enforcement program code[.]" Ans. 30. The Examiner, however, does not explain how Boebert teaches a channel transfer of network traffic between the security policy enforcement code and encompassing operational kernel (i.e., a "channel ... between ... to transfer ... the network traffic," as recited in claim 1).
In response to Appellant's argument, the Examiner cites Boebert paragraphs 53 and 227, and states:

    The Boebert reference reads on these limitations as the secure computer discloses wherein every process runs in a domain which is stored in the kernel data structure (Para 227). Here, the security policy enforcement code operates in a domain within the kernel and the server program serves as the firewall that controls communications between interfaces. The secure policy enforcement code communicates internally through the kernel in order to secure the communications that will be transmitted externally. The secure computer is then able to utilize the internal network interface and the external network interface through the assured pipeline to communicate information from a process through the firewall (Para 53).

Ans. 32. Boebert's cited paragraphs 53 and 227, however, do not discuss a channel between the security policy enforcement code and encompassing operational kernel. To the extent the Examiner's Answer may be read as implying that Boebert teaches the security policy enforcement code communicates through the operational kernel, and thus transfers network traffic to the kernel via a channel, the Examiner does not adequately explain this finding on the record before us. That is, the Examiner does not explain why one of ordinary skill in the art would have understood the security policy enforcement code to be communicating "internally through the kernel," see supra (quoting Boebert ¶ 53), much less why the code would have been understood to be transferring network traffic between itself and the kernel via a channel.

Accordingly, on this record, we are persuaded of error as to claim 1. We need not reach Appellant's remaining arguments.
For the same reasons as discussed above, we also conclude the Examiner erred in rejecting independent claims 9, 18, and 27, which recite limitations commensurate in scope to the disputed limitation of claim 1. Accordingly, we do not sustain the Examiner's rejection of independent claims 1, 9, 18, and 27. For the same reasons, we also do not sustain the rejection of dependent claims 2-8, 10-17, 19-26, and 28-35, which depend from claims 1, 9, 18, and 27 and therefore also include the disputed limitation.

DECISION

We reverse the Examiner's decision to reject claims 1-35.

REVERSED